Author: markt
Date: Tue Oct 28 17:15:21 2025
New Revision: 1929395
Log:
Add reporting dates to recent vulnerabilities
Modified:
tomcat/site/trunk/docs/security-10.html
tomcat/site/trunk/docs/security-11.html
tomcat/site/trunk/docs/security-9.html
tomcat/site/trunk/xdocs/security-10.xml
tomcat/site/trunk/xdocs/security-11.xml
tomcat/site/trunk/xdocs/security-9.xml
Modified: tomcat/site/trunk/docs/security-10.html
==============================================================================
--- tomcat/site/trunk/docs/security-10.html Tue Oct 28 15:40:27 2025
(r1929394)
+++ tomcat/site/trunk/docs/security-10.html Tue Oct 28 17:15:21 2025
(r1929395)
@@ -60,7 +60,8 @@
<p>This was fixed with commit
<a
href="https://github.com/apache/tomcat/commit/af6e9181620304c0d818121c29c074e1330610d0";>af6e9181</a>.</p>
- <p>The issue was made public on 27 October 2025.</p>
+ <p>This issue was reported to the Tomcat security team on 7 September 2025.
+ The issue was made public on 27 October 2025.</p>
<p>Affects: 10.1.0-M1 to 10.1.46</p>
@@ -82,7 +83,8 @@
<p>This was fixed with commit
<a
href="https://github.com/apache/tomcat/commit/138d7f5cfaae683078948303333c080e6faa75d2";>138d7f5c</a>.</p>
- <p>The issue was made public on 27 October 2025.</p>
+ <p>This issue was reported to the Tomcat security team on 5 August 2025.
The
+ issue was made public on 27 October 2025.</p>
<p>Affects: 10.1.0-M1 to 10.1.44</p>
@@ -104,7 +106,8 @@
<p>This was fixed with commit
<a
href="https://github.com/apache/tomcat/commit/130d36d8492ef9e4eb22952c17c92423cb35fd06";>130d36d8</a>.</p>
- <p>The issue was made public on 27 October 2025.</p>
+ <p>This issue was reported to the Tomcat security team on 11 August 2025.
+ The issue was made public on 27 October 2025.</p>
<p>Affects: 10.1.0-M1 to 10.1.44</p>
@@ -121,7 +124,8 @@
<p>This was fixed with commit
<a
href="https://github.com/apache/tomcat/commit/73c04a10395774bda71a0b37802cf983662ce255";>73c04a10</a>.</p>
- <p>The issue was made public on 13 August 2025.</p>
+ <p>This issue was reported to the ASF security team on 29 May 2025. The
+ issue was made public on 13 August 2025.</p>
<p>Affects: 10.1.0-M1 to 10.1.43</p>
@@ -136,7 +140,8 @@
<p>This was fixed with commit
<a
href="https://github.com/apache/tomcat/commit/fc42bbccb9041fafd194fbfdf3eab1d44cb5c45c";>fc42bbcc</a>.</p>
- <p>The issue was made public on 10 July 2025.</p>
+ <p>This issue was reported to the Tomcat security team on 7 June 2025. The
+ issue was made public on 10 July 2025.</p>
<p>Affects: 10.1.0-M1 to 10.1.42</p>
@@ -150,7 +155,8 @@
<p>This was fixed with commit
<a
href="https://github.com/apache/tomcat/commit/2aa6261276ebe50b99276953591e3a2be7898bdb";>2aa62612</a>.</p>
- <p>The issue was made public on 10 July 2025.</p>
+ <p>This issue was reported to the Tomcat security team on 28 June 2025. The
+ issue was made public on 10 July 2025.</p>
<p>Affects: 10.1.0-M1 to 10.1.42</p>
@@ -167,7 +173,8 @@
<p>This was fixed with commit
<a
href="https://github.com/apache/tomcat/commit/8621e4c6ba2c916a41eb34cb0f781171ead33fb6";>8621e4c6</a>.</p>
- <p>The issue was made public on 13 August 2025.</p>
+ <p>This issue was reported to the Tomcat security team on 30 May 2025. The
+ issue was made public on 13 August 2025.</p>
<p>Affects: 10.1.0-M1 to 10.1.41</p>
@@ -184,7 +191,8 @@
<p>This was fixed with commit
<a
href="https://github.com/apache/tomcat/commit/7617b9c247bc77ed0444dd69adcd8aa48777886c";>7617b9c2</a>.</p>
- <p>The issue was made public on 16 June 2025.</p>
+ <p>This issue was reported to the Tomcat security team on 30 May 2025. The
+ issue was made public on 16 June 2025.</p>
<p>Affects: 10.1.0-M1 to 10.1.41</p>
@@ -198,7 +206,8 @@
<p>This was fixed with commit
<a
href="https://github.com/apache/tomcat/commit/e0e07812224d327a321babb554f5a5758d30cc49";>e0e07812</a>.</p>
- <p>The issue was made public on 16 June 2025.</p>
+ <p>This issue was reported to the Tomcat security team on 30 May 2025. The
+ issue was made public on 16 June 2025.</p>
<p>Affects: 10.1.0 to 10.1.41</p>
@@ -216,7 +225,8 @@
<p>This was fixed with commit
<a
href="https://github.com/apache/tomcat/commit/cdde8e655bc1c5c60a07efd216251d77c52fd7f6";>cdde8e65</a>.</p>
- <p>The issue was made public on 16 June 2025.</p>
+ <p>This issue was reported to the ASF security team on 16 May 2025. The
+ issue was made public on 16 June 2025.</p>
<p>Affects: 10.1.0-M1 to 10.1.41</p>
@@ -233,7 +243,8 @@
<p>This was fixed with commit
<a
href="https://github.com/apache/tomcat/commit/667ddd76e2a0e762f3a784d86f0d25e7fd7cdb86";>667ddd76</a>.</p>
- <p>The issue was made public on 16 June 2025.</p>
+ <p>This issue was reported to the ASF security team on 16 May 2025. The
+ issue was made public on 16 June 2025.</p>
<p>Affects: 10.1.0-M1 to 10.1.41</p>
@@ -251,7 +262,8 @@
<a
href="https://github.com/apache/tomcat/commit/2c6800111e7d8d8d5403c07978ea9bff3db5a5a5";>2c680011</a>
and
<a
href="https://github.com/apache/tomcat/commit/238d2aa54b99f91d1111467e2237d2244c64e558";>238d2aa5</a>.</p>
- <p>The issue was made public on 29 May 2025.</p>
+ <p>This issue was reported to the Tomcat security team on 7 April 2025. The
+ issue was made public on 29 May 2025.</p>
<p>Affects: 10.1.0-M1 to 10.1.40</p>
@@ -267,7 +279,8 @@
<p>This was fixed with commit
<a
href="https://github.com/apache/tomcat/commit/066bf6b6a15a4e7e0941d4acf096841165b97098";>066bf6b6</a>.</p>
- <p>The issue was made public on 28 April 2025.</p>
+ <p>This issue was reported to the Tomcat security team on 28 February 2025.
+ The issue was made public on 28 April 2025.</p>
<p>Affects: 10.1.0-M1 to 10.1.39</p>
@@ -284,7 +297,8 @@
<a
href="https://github.com/apache/tomcat/commit/1eef1dc459c45f1e421d8bd25ef340fc1cc34edc";>1eef1dc4</a>
and
<a
href="https://github.com/apache/tomcat/commit/8cc3b8fb3f2d8d4d6a757e014f19d1fafa948a60";>8cc3b8fb</a>.</p>
- <p>The issue was made public on 28 April 2025.</p>
+ <p>This issue was not disclosed responsibly. It was reported via the public
+ bug tracker on 13 March 2025. The CVE was published on 28 April
2025.</p>
<p>Affects: 10.1.10 to 10.1.39</p>
@@ -326,7 +340,8 @@
<p>This was fixed with commit
<a
href="https://github.com/apache/tomcat/commit/f6c01d6577cf9a1e06792be47e623d36acc3b5dc";>f6c01d65</a>.</p>
- <p>The issue was made public on 10 March 2025.</p>
+ <p>This issue was reported to the Tomcat security team on 13 January 2025.
+ The issue was made public on 10 March 2025.</p>
<p>Affects: 10.1.0-M1 to 10.1.34</p>
@@ -351,7 +366,8 @@
system property and the problematic cache have been removed)</li>
</ul></p>
- <p>The issue was made public on 20 December 2024.</p>
+ <p>This issue was reported to the Tomcat security team on 17 December 2024.
+ The issue was made public on 20 December 2024.</p>
<p>Affects: 10.1.0-M1 to 10.1.33</p>
@@ -371,7 +387,8 @@
<a
href="https://github.com/apache/tomcat/commit/54e56495e9a106218efe9fc9c79d976c0032bbfd";>54e56495</a>
and
<a
href="https://github.com/apache/tomcat/commit/bbd82e9593314ade4cfd57248f9285fbad686f66";>bbd82e95</a>.</p>
- <p>The issue was made public on 17 December 2024.</p>
+ <p>This issue was reported to the Tomcat security team on 23 November 2024.
+ The issue was made public on 17 December 2024.</p>
<p>Affects: 10.1.0-M1 to 10.1.33</p>
@@ -389,7 +406,8 @@
<a
href="https://github.com/apache/tomcat/commit/8554f6b1722b33a2ce8b0a3fad37825f3a75f2d2";>8554f6b1</a>
and
<a
href="https://github.com/apache/tomcat/commit/05ddeeaa54df1e2dc427d0164bedd6b79f78d81f";>05ddeeaa</a>.</p>
- <p>The issue was made public on 17 December 2024.</p>
+ <p>This issue was reported to the Tomcat security team on 18 October 2024.
+ The issue was made public on 17 December 2024.</p>
<p>Affects: 10.1.0-M1 to 10.1.33</p>
@@ -411,7 +429,9 @@
<p>This was fixed with commit
<a
href="https://github.com/apache/tomcat/commit/be8e32143a3159e78fe5463d09bb8e1b33bf2b1f";>be8e3214</a>.</p>
- <p>The issue was made public on 18 November 2024.</p>
+ <p>This issue was not disclosed responsibly. It was reported via the public
+ bug tracker on 6 November 2024. The CVE was published on 18 November
+ 2024.</p>
<p>Affects: 10.1.31</p>
Modified: tomcat/site/trunk/docs/security-11.html
==============================================================================
--- tomcat/site/trunk/docs/security-11.html Tue Oct 28 15:40:27 2025
(r1929394)
+++ tomcat/site/trunk/docs/security-11.html Tue Oct 28 17:15:21 2025
(r1929395)
@@ -54,7 +54,8 @@
<p>This was fixed with commit
<a
href="https://github.com/apache/tomcat/commit/1cdf5f730ede75a0759492f179ac21ca4ff68e06";>1cdf5f73</a>.</p>
- <p>The issue was made public on 27 October 2025.</p>
+ <p>This issue was reported to the Tomcat security team on 7 September 2025.
+ The issue was made public on 27 October 2025.</p>
<p>Affects: 11.0.0-M1 to 11.0.11</p>
@@ -76,7 +77,8 @@
<p>This was fixed with commit
<a
href="https://github.com/apache/tomcat/commit/5a3db092982c0c58d4855304167ee757fe5e79bb";>5a3db092</a>.</p>
- <p>The issue was made public on 27 October 2025.</p>
+ <p>This issue was reported to the Tomcat security team on 5 August 2025.
The
+ issue was made public on 27 October 2025.</p>
<p>Affects: 11.0.0-M1 to 11.0.10</p>
@@ -98,7 +100,8 @@
<p>This was fixed with commit
<a
href="https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a";>fec06c61</a>.</p>
- <p>The issue was made public on 27 October 2025.</p>
+ <p>This issue was reported to the Tomcat security team on 11 August 2025.
+ The issue was made public on 27 October 2025.</p>
<p>Affects: 11.0.0-M1 to 11.0.10</p>
@@ -115,7 +118,8 @@
<p>This was fixed with commit
<a
href="https://github.com/apache/tomcat/commit/f362c8eb3b8ec5b7f312f7f5610731c0fb299a06";>f362c8eb</a>.</p>
- <p>The issue was made public on 13 August 2025.</p>
+ <p>This issue was reported to the ASF security team on 29 May 2025. The
+ issue was made public on 13 August 2025.</p>
<p>Affects: 11.0.0-M1 to 11.0.9</p>
@@ -130,7 +134,8 @@
<p>This was fixed with commit
<a
href="https://github.com/apache/tomcat/commit/a51e4bedccfafd35b7cdd0ee3e22267dee9f90db";>a51e4bed</a>.</p>
- <p>The issue was made public on 10 July 2025.</p>
+ <p>This issue was reported to the Tomcat security team on 7 June 2025. The
+ issue was made public on 10 July 2025.</p>
<p>Affects: 11.0.0-M1 to 11.0.8</p>
@@ -144,7 +149,8 @@
<p>This was fixed with commit
<a
href="https://github.com/apache/tomcat/commit/be8f330f83ceddaf3baeed57522e571572b6b99b";>be8f330f</a>.</p>
- <p>The issue was made public on 10 July 2025.</p>
+ <p>This issue was reported to the Tomcat security team on 28 June 2025. The
+ issue was made public on 10 July 2025.</p>
<p>Affects: 11.0.0-M1 to 11.0.8</p>
@@ -161,7 +167,8 @@
<p>This was fixed with commit
<a
href="https://github.com/apache/tomcat/commit/90306d971bb8b8393336d893644124fb2ca11d21";>90306d97</a>.</p>
- <p>The issue was made public on 13 August 2025.</p>
+ <p>This issue was reported to the Tomcat security team on 30 May 2025. The
+ issue was made public on 13 August 2025.</p>
<p>Affects: 11.0.0-M1 to 11.0.7</p>
@@ -178,7 +185,8 @@
<p>This was fixed with commit
<a
href="https://github.com/apache/tomcat/commit/d94bd36fb7eb32e790dae0339bc249069649a637";>d94bd36f</a>.</p>
- <p>The issue was made public on 16 June 2025.</p>
+ <p>This issue was reported to the Tomcat security team on 30 May 2025. The
+ issue was made public on 16 June 2025.</p>
<p>Affects: 11.0.0-M1 to 11.0.7</p>
@@ -192,7 +200,8 @@
<p>This was fixed with commit
<a
href="https://github.com/apache/tomcat/commit/c56456cda8151c9504dfb7985700824559d769a7";>c56456cd</a>.</p>
- <p>The issue was made public on 16 June 2025.</p>
+ <p>This issue was reported to the Tomcat security team on 30 May 2025. The
+ issue was made public on 16 June 2025.</p>
<p>Affects: 11.0.0-M1 to 11.0.7</p>
@@ -210,7 +219,8 @@
<p>This was fixed with commit
<a
href="https://github.com/apache/tomcat/commit/2b0ab14fb55d4edc896e5f1817f2ab76f714ae5e";>2b0ab14f</a>.</p>
- <p>The issue was made public on 16 June 2025.</p>
+ <p>This issue was reported to the ASF security team on 16 May 2025. The
+ issue was made public on 16 June 2025.</p>
<p>Affects: 11.0.0-M1 to 11.0.7</p>
@@ -227,7 +237,8 @@
<p>This was fixed with commit
<a
href="https://github.com/apache/tomcat/commit/74f69ffaf61e54c727603e7e831fe20f0ac5d2a7";>74f69ffa</a>.</p>
- <p>The issue was made public on 16 June 2025.</p>
+ <p>This issue was reported to the ASF security team on 16 May 2025. The
+ issue was made public on 16 June 2025.</p>
<p>Affects: 11.0.0-M1 to 11.0.7</p>
@@ -245,7 +256,8 @@
<a
href="https://github.com/apache/tomcat/commit/fab7247d2f0e3a29d5daef565f829f383e10e5e2";>fab7247d</a>
and
<a
href="https://github.com/apache/tomcat/commit/0f01966eb60015d975525019e12a087f05ebf01a";>0f01966e</a>.</p>
- <p>The issue was made public on 29 May 2025.</p>
+ <p>This issue was reported to the Tomcat security team on 7 April 2025. The
+ issue was made public on 29 May 2025.</p>
<p>Affects: 11.0.0-M1 to 11.0.6</p>
@@ -261,7 +273,8 @@
<p>This was fixed with commit
<a
href="https://github.com/apache/tomcat/commit/fbecc915a10c5a3d634c5e2c6ced4ff479ce9953";>fbecc915</a>.</p>
- <p>The issue was made public on 28 April 2025.</p>
+ <p>This issue was reported to the Tomcat security team on 28 February 2025.
+ The issue was made public on 28 April 2025.</p>
<p>Affects: 11.0.0-M1 to 11.0.5</p>
@@ -278,7 +291,8 @@
<a
href="https://github.com/apache/tomcat/commit/f619e6a05029538886d5a9d987925d573b5bb8c2";>f619e6a0</a>
and
<a
href="https://github.com/apache/tomcat/commit/ded0285b96b4d3f5560dfc8856ad5ec4a9b50ba9";>ded0285b</a>.</p>
- <p>The issue was made public on 28 April 2025.</p>
+ <p>This issue was not disclosed responsibly. It was reported via the public
+ bug tracker on 13 March 2025. The CVE was published on 28 April
2025.</p>
<p>Affects: 11.0.0-M2 to 11.0.5</p>
@@ -320,7 +334,8 @@
<p>This was fixed with commit
<a
href="https://github.com/apache/tomcat/commit/0a668e0c27f2b7ca0cc7c6eea32253b9b5ecb29c";>0a668e0c</a>.</p>
- <p>The issue was made public on 10 March 2025.</p>
+ <p>This issue was reported to the Tomcat security team on 13 January 2025.
+ The issue was made public on 10 March 2025.</p>
<p>Affects: 11.0.0-M1 to 11.0.2</p>
@@ -342,7 +357,8 @@
system property and the problematic cache have been removed)</li>
</ul></p>
- <p>The issue was made public on 20 December 2024.</p>
+ <p>This issue was reported to the Tomcat security team on 17 December 2024.
+ The issue was made public on 20 December 2024.</p>
<p>Affects: 11.0.0-M1 to 11.0.1</p>
@@ -362,7 +378,8 @@
<a
href="https://github.com/apache/tomcat/commit/722814668708c42a61b0c1e340b15bc2b785c0d1";>72281466</a>
and
<a
href="https://github.com/apache/tomcat/commit/cb1707685472994e9d924746f8c91cb116fa5213";>cb170768</a>.</p>
- <p>The issue was made public on 17 December 2024.</p>
+ <p>This issue was reported to the Tomcat security team on 23 November 2024.
+ The issue was made public on 17 December 2024.</p>
<p>Affects: 11.0.0-M1 to 11.0.1</p>
@@ -380,7 +397,8 @@
<a
href="https://github.com/apache/tomcat/commit/cc7a98b57c6dc1df21979fcff94a36e068f4456c";>cc7a98b5</a>
and
<a
href="https://github.com/apache/tomcat/commit/684247ae85fa633b9197b32391de59fc54703842";>684247ae</a>.</p>
- <p>The issue was made public on 17 December 2024.</p>
+ <p>This issue was reported to the Tomcat security team on 18 October 2024.
+ The issue was made public on 17 December 2024.</p>
<p>Affects: 11.0.0-M1 to 11.0.1</p>
@@ -396,7 +414,9 @@
<p>This was fixed with commit
<a
href="https://github.com/apache/tomcat/commit/8d1fc4733a06d1a03b9d644c57010f2ec5f0df38";>8d1fc473</a>.</p>
- <p>The issue was made public on 18 November 2024.</p>
+ <p>This issue was not disclosed responsibly. It was reported via the public
+ bug tracker on 6 November 2024. The CVE was published on 18 November
+ 2024.</p>
<p>Affects: 11.0.0</p>
Modified: tomcat/site/trunk/docs/security-9.html
==============================================================================
--- tomcat/site/trunk/docs/security-9.html Tue Oct 28 15:40:27 2025
(r1929394)
+++ tomcat/site/trunk/docs/security-9.html Tue Oct 28 17:15:21 2025
(r1929395)
@@ -54,7 +54,8 @@
<p>This was fixed with commit
<a
href="https://github.com/apache/tomcat/commit/afa422bd7ca1eef0f507259c682fd876494d9c3b";>afa422bd</a>.</p>
- <p>The issue was made public on 27 October 2025.</p>
+ <p>This issue was reported to the Tomcat security team on 7 September 2025.
+ The issue was made public on 27 October 2025.</p>
<p>Affects: 9.0.0.M1 to 9.0.109</p>
@@ -76,7 +77,8 @@
<p>This was fixed with commit
<a
href="https://github.com/apache/tomcat/commit/a03cabf3a36a42d27d8d997ed31f034f50ba6cd5";>a03cabf3</a>.</p>
- <p>The issue was made public on 27 October 2025.</p>
+ <p>This issue was reported to the Tomcat security team on 5 August 2025.
The
+ issue was made public on 27 October 2025.</p>
<p>Affects: 9.0.40 to 9.0.108</p>
@@ -98,7 +100,8 @@
<p>This was fixed with commit
<a
href="https://github.com/apache/tomcat/commit/b5042622b8b78340ae65403c55dcb9c7416924df";>b5042622</a>.</p>
- <p>The issue was made public on 27 October 2025.</p>
+ <p>This issue was reported to the Tomcat security team on 11 August 2025.
+ The issue was made public on 27 October 2025.</p>
<p>Affects: 9.0.0.M11 to 9.0.108</p>
@@ -115,7 +118,8 @@
<p>This was fixed with commit
<a
href="https://github.com/apache/tomcat/commit/f36b8a4eea4ce8a0bc035079e1d259d29f5eb7bf";>f36b8a4e</a>.</p>
- <p>The issue was made public on 13 August 2025.</p>
+ <p>This issue was reported to the ASF security team on 29 May 2025. The
+ issue was made public on 13 August 2025.</p>
<p>Affects: 9.0.0.M1 to 9.0.107</p>
@@ -131,7 +135,8 @@
<p>This was fixed with commit
<a
href="https://github.com/apache/tomcat/commit/8a83c3c42d20762782678932c14005cd3397a018";>8a83c3c4</a>.</p>
- <p>The issue was made public on 10 July 2025.</p>
+ <p>This issue was reported to the Tomcat security team on 6 June 2025. The
+ issue was made public on 10 July 2025.</p>
<p>Affects: 9.0.0.M1 to 9.0.106</p>
@@ -144,7 +149,8 @@
<p>This was fixed with commit
<a
href="https://github.com/apache/tomcat/commit/927d66fbc294cb65242102b817a45fd80834e040";>927d66fb</a>.</p>
- <p>The issue was made public on 10 July 2025.</p>
+ <p>This issue was reported to the Tomcat security team on 7 June 2025. The
+ issue was made public on 10 July 2025.</p>
<p>Affects: 9.0.0.M1 to 9.0.106</p>
@@ -158,7 +164,8 @@
<p>This was fixed with commit
<a
href="https://github.com/apache/tomcat/commit/434772930f362145516dd60681134e7f0cf8115b";>43477293</a>.</p>
- <p>The issue was made public on 10 July 2025.</p>
+ <p>This issue was reported to the Tomcat security team on 28 June 2025. The
+ issue was made public on 10 July 2025.</p>
<p>Affects: 9.0.0.M1 to 9.0.106</p>
@@ -175,7 +182,8 @@
<p>This was fixed with commit
<a
href="https://github.com/apache/tomcat/commit/9c3673ba04009377cb0c81ccb6cf5078aec1aa95";>9c3673ba</a>.</p>
- <p>The issue was made public on 13 August 2025.</p>
+ <p>This issue was reported to the Tomcat security team on 30 May 2025. The
+ issue was made public on 13 August 2025.</p>
<p>Affects: 9.0.0.M1 to 9.0.105</p>
@@ -192,7 +200,8 @@
<p>This was fixed with commit
<a
href="https://github.com/apache/tomcat/commit/9418e3ff9f1f4c006b4661311ae9376c52d162b9";>9418e3ff</a>.</p>
- <p>The issue was made public on 16 June 2025.</p>
+ <p>This issue was reported to the Tomcat security team on 30 May 2025. The
+ issue was made public on 16 June 2025.</p>
<p>Affects: 9.0.0.M1 to 9.0.105</p>
@@ -206,7 +215,8 @@
<p>This was fixed with commit
<a
href="https://github.com/apache/tomcat/commit/28726cc2e63bed68771f5eb0f65a78dc7080571823";>28726cc2</a>.</p>
- <p>The issue was made public on 16 June 2025.</p>
+ <p>This issue was reported to the Tomcat security team on 30 May 2025. The
+ issue was made public on 16 June 2025.</p>
<p>Affects: 9.0.23 to 9.0.105</p>
@@ -224,7 +234,8 @@
<p>This was fixed with commit
<a
href="https://github.com/apache/tomcat/commit/ee8042ffce4cb9324dfd79efda5984f37bbb6910";>ee8042ff</a>.</p>
- <p>The issue was made public on 16 June 2025.</p>
+ <p>This issue was reported to the ASF security team on 16 May 2025. The
+ issue was made public on 16 June 2025.</p>
<p>Affects: 9.0.0.M1 to 9.0.105</p>
@@ -241,7 +252,8 @@
<p>This was fixed with commit
<a
href="https://github.com/apache/tomcat/commit/97790a35a27d236fa053e660676c3f8196284d93";>97790a35</a>.</p>
- <p>The issue was made public on 16 June 2025.</p>
+ <p>This issue was reported to the ASF security team on 16 May 2025. The
+ issue was made public on 16 June 2025.</p>
<p>Affects: 9.0.0.M1 to 9.0.105</p>
@@ -259,7 +271,8 @@
<a
href="https://github.com/apache/tomcat/commit/8df00018a252baa9497615d6420fb6c10466fa74";>8df00018</a>
and
<a
href="https://github.com/apache/tomcat/commit/8cb95ff03221067c511b3fa66d4f745bc4b0a605";>8cb95ff0</a>.</p>
- <p>The issue was made public on 29 May 2025.</p>
+ <p>This issue was reported to the Tomcat security team on 7 April 2025. The
+ issue was made public on 29 May 2025.</p>
<p>Affects: 9.0.0.M1 to 9.0.104</p>
@@ -282,7 +295,8 @@
<a
href="https://github.com/apache/tomcat/commit/ee3ab548e92345eca0cbd1f01649eb36c6f29454";>ee3ab548</a>
and
<a
href="https://github.com/apache/tomcat/commit/175dc75fc428930034a6c93fb52f830d955d8e64";>175dc75f</a>.</p>
- <p>The issue was made public on 28 April 2025.</p>
+ <p>This issue was reported to the Tomcat security team on 28 February 2025.
+ The issue was made public on 28 April 2025.</p>
<p>Affects: 9.0.0.M1 to 9.0.102</p>
@@ -299,7 +313,8 @@
<a
href="https://github.com/apache/tomcat/commit/b98e74f517b36929f4208506e5adad22cb767baa";>b98e74f5</a>
and
<a
href="https://github.com/apache/tomcat/commit/b7674782679e1514a0d154166b1d04d38aaac4a9";>b7674782</a>.</p>
- <p>The issue was made public on 28 April 2025.</p>
+ <p>This issue was not disclosed responsibly. It was reported via the public
+ bug tracker on 13 March 2025. The CVE was published on 28 April
2025.</p>
<p>Affects: 9.0.76 to 9.0.102</p>
@@ -341,7 +356,8 @@
<p>This was fixed with commit
<a
href="https://github.com/apache/tomcat/commit/eb61aade8f8daccaecabf07d428b877975622f72";>eb61aade</a>.</p>
- <p>The issue was made public on 10 March 2025.</p>
+ <p>This issue was reported to the Tomcat security team on 13 January 2025.
+ The issue was made public on 10 March 2025.</p>
<p>Affects: 9.0.0.M1 to 9.0.98</p>
@@ -366,7 +382,8 @@
system property and the problematic cache have been removed)</li>
</ul></p>
- <p>The issue was made public on 20 December 2024.</p>
+ <p>This issue was reported to the Tomcat security team on 17 December 2024.
+ The issue was made public on 20 December 2024.</p>
<p>Affects: 9.0.0.M1 to 9.0.97</p>
@@ -388,7 +405,8 @@
<a
href="https://github.com/apache/tomcat/commit/84c4af76e7a10fc7f8630ce62e6a46632ea4a90e";>84c4af76</a>
and
<a
href="https://github.com/apache/tomcat/commit/9ffd23fc27f5d1fc95bf97e5cea175c8968f4533";>9ffd23fc</a>.</p>
- <p>The issue was made public on 17 December 2024.</p>
+ <p>This issue was reported to the Tomcat security team on 23 November 2024.
+ The issue was made public on 17 December 2024.</p>
<p>Affects: 9.0.0.M1 to 9.0.97</p>
@@ -406,7 +424,8 @@
<a
href="https://github.com/apache/tomcat/commit/43b507ebac9d268b1ea3d908e296cc6e46795c00";>43b507eb</a>
and
<a
href="https://github.com/apache/tomcat/commit/631500b0c9b2a2a2abb707e3de2e10a5936e5d41";>631500b0</a>.</p>
- <p>The issue was made public on 17 December 2024.</p>
+ <p>This issue was reported to the Tomcat security team on 18 October 2024.
+ The issue was made public on 17 December 2024.</p>
<p>Affects: 9.0.0.M1 to 9.0.97</p>
@@ -422,7 +441,9 @@
<p>This was fixed with commit
<a
href="https://github.com/apache/tomcat/commit/9813c5dd3259183f659bbb83312a5cf673cc1ebf";>9813c5dd</a>.</p>
- <p>The issue was made public on 18 November 2024.</p>
+ <p>This issue was not disclosed responsibly. It was reported via the public
+ bug tracker on 6 November 2024. The CVE was published on 18 November
+ 2024.</p>
<p>Affects: 9.0.96</p>
Modified: tomcat/site/trunk/xdocs/security-10.xml
==============================================================================
--- tomcat/site/trunk/xdocs/security-10.xml Tue Oct 28 15:40:27 2025
(r1929394)
+++ tomcat/site/trunk/xdocs/security-10.xml Tue Oct 28 17:15:21 2025
(r1929395)
@@ -73,7 +73,8 @@
<p>This was fixed with commit
<hashlink hash="af6e9181620304c0d818121c29c074e1330610d0"/>.</p>
- <p>The issue was made public on 27 October 2025.</p>
+ <p>This issue was reported to the Tomcat security team on 7 September 2025.
+ The issue was made public on 27 October 2025.</p>
<p>Affects: 10.1.0-M1 to 10.1.46</p>
@@ -97,7 +98,8 @@
<p>This was fixed with commit
<hashlink hash="138d7f5cfaae683078948303333c080e6faa75d2"/>.</p>
- <p>The issue was made public on 27 October 2025.</p>
+ <p>This issue was reported to the Tomcat security team on 5 August 2025.
The
+ issue was made public on 27 October 2025.</p>
<p>Affects: 10.1.0-M1 to 10.1.44</p>
@@ -119,7 +121,8 @@
<p>This was fixed with commit
<hashlink hash="130d36d8492ef9e4eb22952c17c92423cb35fd06"/>.</p>
- <p>The issue was made public on 27 October 2025.</p>
+ <p>This issue was reported to the Tomcat security team on 11 August 2025.
+ The issue was made public on 27 October 2025.</p>
<p>Affects: 10.1.0-M1 to 10.1.44</p>
@@ -138,7 +141,8 @@
<p>This was fixed with commit
<hashlink hash="73c04a10395774bda71a0b37802cf983662ce255"/>.</p>
- <p>The issue was made public on 13 August 2025.</p>
+ <p>This issue was reported to the ASF security team on 29 May 2025. The
+ issue was made public on 13 August 2025.</p>
<p>Affects: 10.1.0-M1 to 10.1.43</p>
@@ -155,7 +159,8 @@
<p>This was fixed with commit
<hashlink hash="fc42bbccb9041fafd194fbfdf3eab1d44cb5c45c"/>.</p>
- <p>The issue was made public on 10 July 2025.</p>
+ <p>This issue was reported to the Tomcat security team on 7 June 2025. The
+ issue was made public on 10 July 2025.</p>
<p>Affects: 10.1.0-M1 to 10.1.42</p>
@@ -169,7 +174,8 @@
<p>This was fixed with commit
<hashlink hash="2aa6261276ebe50b99276953591e3a2be7898bdb"/>.</p>
- <p>The issue was made public on 10 July 2025.</p>
+ <p>This issue was reported to the Tomcat security team on 28 June 2025. The
+ issue was made public on 10 July 2025.</p>
<p>Affects: 10.1.0-M1 to 10.1.42</p>
@@ -188,7 +194,8 @@
<p>This was fixed with commit
<hashlink hash="8621e4c6ba2c916a41eb34cb0f781171ead33fb6"/>.</p>
- <p>The issue was made public on 13 August 2025.</p>
+ <p>This issue was reported to the Tomcat security team on 30 May 2025. The
+ issue was made public on 13 August 2025.</p>
<p>Affects: 10.1.0-M1 to 10.1.41</p>
@@ -205,7 +212,8 @@
<p>This was fixed with commit
<hashlink hash="7617b9c247bc77ed0444dd69adcd8aa48777886c"/>.</p>
- <p>The issue was made public on 16 June 2025.</p>
+ <p>This issue was reported to the Tomcat security team on 30 May 2025. The
+ issue was made public on 16 June 2025.</p>
<p>Affects: 10.1.0-M1 to 10.1.41</p>
@@ -219,7 +227,8 @@
<p>This was fixed with commit
<hashlink hash="e0e07812224d327a321babb554f5a5758d30cc49"/>.</p>
- <p>The issue was made public on 16 June 2025.</p>
+ <p>This issue was reported to the Tomcat security team on 30 May 2025. The
+ issue was made public on 16 June 2025.</p>
<p>Affects: 10.1.0 to 10.1.41</p>
@@ -237,7 +246,8 @@
<p>This was fixed with commit
<hashlink hash="cdde8e655bc1c5c60a07efd216251d77c52fd7f6"/>.</p>
- <p>The issue was made public on 16 June 2025.</p>
+ <p>This issue was reported to the ASF security team on 16 May 2025. The
+ issue was made public on 16 June 2025.</p>
<p>Affects: 10.1.0-M1 to 10.1.41</p>
@@ -254,7 +264,8 @@
<p>This was fixed with commit
<hashlink hash="667ddd76e2a0e762f3a784d86f0d25e7fd7cdb86"/>.</p>
- <p>The issue was made public on 16 June 2025.</p>
+ <p>This issue was reported to the ASF security team on 16 May 2025. The
+ issue was made public on 16 June 2025.</p>
<p>Affects: 10.1.0-M1 to 10.1.41</p>
@@ -274,7 +285,8 @@
<hashlink hash="2c6800111e7d8d8d5403c07978ea9bff3db5a5a5"/> and
<hashlink hash="238d2aa54b99f91d1111467e2237d2244c64e558"/>.</p>
- <p>The issue was made public on 29 May 2025.</p>
+ <p>This issue was reported to the Tomcat security team on 7 April 2025. The
+ issue was made public on 29 May 2025.</p>
<p>Affects: 10.1.0-M1 to 10.1.40</p>
@@ -292,7 +304,8 @@
<p>This was fixed with commit
<hashlink hash="066bf6b6a15a4e7e0941d4acf096841165b97098"/>.</p>
- <p>The issue was made public on 28 April 2025.</p>
+ <p>This issue was reported to the Tomcat security team on 28 February 2025.
+ The issue was made public on 28 April 2025.</p>
<p>Affects: 10.1.0-M1 to 10.1.39</p>
@@ -309,7 +322,8 @@
<hashlink hash="1eef1dc459c45f1e421d8bd25ef340fc1cc34edc"/> and
<hashlink hash="8cc3b8fb3f2d8d4d6a757e014f19d1fafa948a60"/>.</p>
- <p>The issue was made public on 28 April 2025.</p>
+ <p>This issue was not disclosed responsibly. It was reported via the public
+ bug tracker on 13 March 2025. The CVE was published on 28 April
2025.</p>
<p>Affects: 10.1.10 to 10.1.39</p>
@@ -353,7 +367,8 @@
<p>This was fixed with commit
<hashlink hash="f6c01d6577cf9a1e06792be47e623d36acc3b5dc"/>.</p>
- <p>The issue was made public on 10 March 2025.</p>
+ <p>This issue was reported to the Tomcat security team on 13 January 2025.
+ The issue was made public on 10 March 2025.</p>
<p>Affects: 10.1.0-M1 to 10.1.34</p>
@@ -380,7 +395,8 @@
system property and the problematic cache have been removed)</li>
</ul></p>
- <p>The issue was made public on 20 December 2024.</p>
+ <p>This issue was reported to the Tomcat security team on 17 December 2024.
+ The issue was made public on 20 December 2024.</p>
<p>Affects: 10.1.0-M1 to 10.1.33</p>
@@ -400,7 +416,8 @@
<hashlink hash="54e56495e9a106218efe9fc9c79d976c0032bbfd"/> and
<hashlink hash="bbd82e9593314ade4cfd57248f9285fbad686f66"/>.</p>
- <p>The issue was made public on 17 December 2024.</p>
+ <p>This issue was reported to the Tomcat security team on 23 November 2024.
+ The issue was made public on 17 December 2024.</p>
<p>Affects: 10.1.0-M1 to 10.1.33</p>
@@ -418,7 +435,8 @@
<hashlink hash="8554f6b1722b33a2ce8b0a3fad37825f3a75f2d2"/> and
<hashlink hash="05ddeeaa54df1e2dc427d0164bedd6b79f78d81f"/>.</p>
- <p>The issue was made public on 17 December 2024.</p>
+ <p>This issue was reported to the Tomcat security team on 18 October 2024.
+ The issue was made public on 17 December 2024.</p>
<p>Affects: 10.1.0-M1 to 10.1.33</p>
@@ -442,7 +460,9 @@
<p>This was fixed with commit
<hashlink hash="be8e32143a3159e78fe5463d09bb8e1b33bf2b1f"/>.</p>
- <p>The issue was made public on 18 November 2024.</p>
+ <p>This issue was not disclosed responsibly. It was reported via the public
+ bug tracker on 6 November 2024. The CVE was published on 18 November
+ 2024.</p>
<p>Affects: 10.1.31</p>
Modified: tomcat/site/trunk/xdocs/security-11.xml
==============================================================================
--- tomcat/site/trunk/xdocs/security-11.xml Tue Oct 28 15:40:27 2025
(r1929394)
+++ tomcat/site/trunk/xdocs/security-11.xml Tue Oct 28 17:15:21 2025
(r1929395)
@@ -67,7 +67,8 @@
<p>This was fixed with commit
<hashlink hash="1cdf5f730ede75a0759492f179ac21ca4ff68e06"/>.</p>
- <p>The issue was made public on 27 October 2025.</p>
+ <p>This issue was reported to the Tomcat security team on 7 September 2025.
+ The issue was made public on 27 October 2025.</p>
<p>Affects: 11.0.0-M1 to 11.0.11</p>
@@ -91,7 +92,8 @@
<p>This was fixed with commit
<hashlink hash="5a3db092982c0c58d4855304167ee757fe5e79bb"/>.</p>
- <p>The issue was made public on 27 October 2025.</p>
+ <p>This issue was reported to the Tomcat security team on 5 August 2025.
The
+ issue was made public on 27 October 2025.</p>
<p>Affects: 11.0.0-M1 to 11.0.10</p>
@@ -113,7 +115,8 @@
<p>This was fixed with commit
<hashlink hash="fec06c610ed7466b401e29cc567a58aee5ed826a"/>.</p>
- <p>The issue was made public on 27 October 2025.</p>
+ <p>This issue was reported to the Tomcat security team on 11 August 2025.
+ The issue was made public on 27 October 2025.</p>
<p>Affects: 11.0.0-M1 to 11.0.10</p>
@@ -132,7 +135,8 @@
<p>This was fixed with commit
<hashlink hash="f362c8eb3b8ec5b7f312f7f5610731c0fb299a06"/>.</p>
- <p>The issue was made public on 13 August 2025.</p>
+ <p>This issue was reported to the ASF security team on 29 May 2025. The
+ issue was made public on 13 August 2025.</p>
<p>Affects: 11.0.0-M1 to 11.0.9</p>
@@ -149,7 +153,8 @@
<p>This was fixed with commit
<hashlink hash="a51e4bedccfafd35b7cdd0ee3e22267dee9f90db"/>.</p>
- <p>The issue was made public on 10 July 2025.</p>
+ <p>This issue was reported to the Tomcat security team on 7 June 2025. The
+ issue was made public on 10 July 2025.</p>
<p>Affects: 11.0.0-M1 to 11.0.8</p>
@@ -163,7 +168,8 @@
<p>This was fixed with commit
<hashlink hash="be8f330f83ceddaf3baeed57522e571572b6b99b"/>.</p>
- <p>The issue was made public on 10 July 2025.</p>
+ <p>This issue was reported to the Tomcat security team on 28 June 2025. The
+ issue was made public on 10 July 2025.</p>
<p>Affects: 11.0.0-M1 to 11.0.8</p>
@@ -182,7 +188,8 @@
<p>This was fixed with commit
<hashlink hash="90306d971bb8b8393336d893644124fb2ca11d21"/>.</p>
- <p>The issue was made public on 13 August 2025.</p>
+ <p>This issue was reported to the Tomcat security team on 30 May 2025. The
+ issue was made public on 13 August 2025.</p>
<p>Affects: 11.0.0-M1 to 11.0.7</p>
@@ -199,7 +206,8 @@
<p>This was fixed with commit
<hashlink hash="d94bd36fb7eb32e790dae0339bc249069649a637"/>.</p>
- <p>The issue was made public on 16 June 2025.</p>
+ <p>This issue was reported to the Tomcat security team on 30 May 2025. The
+ issue was made public on 16 June 2025.</p>
<p>Affects: 11.0.0-M1 to 11.0.7</p>
@@ -213,7 +221,8 @@
<p>This was fixed with commit
<hashlink hash="c56456cda8151c9504dfb7985700824559d769a7"/>.</p>
- <p>The issue was made public on 16 June 2025.</p>
+ <p>This issue was reported to the Tomcat security team on 30 May 2025. The
+ issue was made public on 16 June 2025.</p>
<p>Affects: 11.0.0-M1 to 11.0.7</p>
@@ -231,7 +240,8 @@
<p>This was fixed with commit
<hashlink hash="2b0ab14fb55d4edc896e5f1817f2ab76f714ae5e"/>.</p>
- <p>The issue was made public on 16 June 2025.</p>
+ <p>This issue was reported to the ASF security team on 16 May 2025. The
+ issue was made public on 16 June 2025.</p>
<p>Affects: 11.0.0-M1 to 11.0.7</p>
@@ -248,7 +258,8 @@
<p>This was fixed with commit
<hashlink hash="74f69ffaf61e54c727603e7e831fe20f0ac5d2a7"/>.</p>
- <p>The issue was made public on 16 June 2025.</p>
+ <p>This issue was reported to the ASF security team on 16 May 2025. The
+ issue was made public on 16 June 2025.</p>
<p>Affects: 11.0.0-M1 to 11.0.7</p>
@@ -268,7 +279,8 @@
<hashlink hash="fab7247d2f0e3a29d5daef565f829f383e10e5e2"/> and
<hashlink hash="0f01966eb60015d975525019e12a087f05ebf01a"/>.</p>
- <p>The issue was made public on 29 May 2025.</p>
+ <p>This issue was reported to the Tomcat security team on 7 April 2025. The
+ issue was made public on 29 May 2025.</p>
<p>Affects: 11.0.0-M1 to 11.0.6</p>
@@ -286,7 +298,8 @@
<p>This was fixed with commit
<hashlink hash="fbecc915a10c5a3d634c5e2c6ced4ff479ce9953"/>.</p>
- <p>The issue was made public on 28 April 2025.</p>
+ <p>This issue was reported to the Tomcat security team on 28 February 2025.
+ The issue was made public on 28 April 2025.</p>
<p>Affects: 11.0.0-M1 to 11.0.5</p>
@@ -303,7 +316,8 @@
<hashlink hash="f619e6a05029538886d5a9d987925d573b5bb8c2"/> and
<hashlink hash="ded0285b96b4d3f5560dfc8856ad5ec4a9b50ba9"/>.</p>
- <p>The issue was made public on 28 April 2025.</p>
+ <p>This issue was not disclosed responsibly. It was reported via the public
+ bug tracker on 13 March 2025. The CVE was published on 28 April
2025.</p>
<p>Affects: 11.0.0-M2 to 11.0.5</p>
@@ -347,7 +361,8 @@
<p>This was fixed with commit
<hashlink hash="0a668e0c27f2b7ca0cc7c6eea32253b9b5ecb29c"/>.</p>
- <p>The issue was made public on 10 March 2025.</p>
+ <p>This issue was reported to the Tomcat security team on 13 January 2025.
+ The issue was made public on 10 March 2025.</p>
<p>Affects: 11.0.0-M1 to 11.0.2</p>
@@ -371,7 +386,8 @@
system property and the problematic cache have been removed)</li>
</ul></p>
- <p>The issue was made public on 20 December 2024.</p>
+ <p>This issue was reported to the Tomcat security team on 17 December 2024.
+ The issue was made public on 20 December 2024.</p>
<p>Affects: 11.0.0-M1 to 11.0.1</p>
@@ -391,7 +407,8 @@
<hashlink hash="722814668708c42a61b0c1e340b15bc2b785c0d1"/> and
<hashlink hash="cb1707685472994e9d924746f8c91cb116fa5213"/>.</p>
- <p>The issue was made public on 17 December 2024.</p>
+ <p>This issue was reported to the Tomcat security team on 23 November 2024.
+ The issue was made public on 17 December 2024.</p>
<p>Affects: 11.0.0-M1 to 11.0.1</p>
@@ -409,7 +426,8 @@
<hashlink hash="cc7a98b57c6dc1df21979fcff94a36e068f4456c"/> and
<hashlink hash="684247ae85fa633b9197b32391de59fc54703842"/>.</p>
- <p>The issue was made public on 17 December 2024.</p>
+ <p>This issue was reported to the Tomcat security team on 18 October 2024.
+ The issue was made public on 17 December 2024.</p>
<p>Affects: 11.0.0-M1 to 11.0.1</p>
@@ -427,7 +445,9 @@
<p>This was fixed with commit
<hashlink hash="8d1fc4733a06d1a03b9d644c57010f2ec5f0df38"/>.</p>
- <p>The issue was made public on 18 November 2024.</p>
+ <p>This issue was not disclosed responsibly. It was reported via the public
+ bug tracker on 6 November 2024. The CVE was published on 18 November
+ 2024.</p>
<p>Affects: 11.0.0</p>
Modified: tomcat/site/trunk/xdocs/security-9.xml
==============================================================================
--- tomcat/site/trunk/xdocs/security-9.xml Tue Oct 28 15:40:27 2025
(r1929394)
+++ tomcat/site/trunk/xdocs/security-9.xml Tue Oct 28 17:15:21 2025
(r1929395)
@@ -67,7 +67,8 @@
<p>This was fixed with commit
<hashlink hash="afa422bd7ca1eef0f507259c682fd876494d9c3b"/>.</p>
- <p>The issue was made public on 27 October 2025.</p>
+ <p>This issue was reported to the Tomcat security team on 7 September 2025.
+ The issue was made public on 27 October 2025.</p>
<p>Affects: 9.0.0.M1 to 9.0.109</p>
@@ -91,7 +92,8 @@
<p>This was fixed with commit
<hashlink hash="a03cabf3a36a42d27d8d997ed31f034f50ba6cd5"/>.</p>
- <p>The issue was made public on 27 October 2025.</p>
+ <p>This issue was reported to the Tomcat security team on 5 August 2025.
The
+ issue was made public on 27 October 2025.</p>
<p>Affects: 9.0.40 to 9.0.108</p>
@@ -113,7 +115,8 @@
<p>This was fixed with commit
<hashlink hash="b5042622b8b78340ae65403c55dcb9c7416924df"/>.</p>
- <p>The issue was made public on 27 October 2025.</p>
+ <p>This issue was reported to the Tomcat security team on 11 August 2025.
+ The issue was made public on 27 October 2025.</p>
<p>Affects: 9.0.0.M11 to 9.0.108</p>
@@ -132,7 +135,8 @@
<p>This was fixed with commit
<hashlink hash="f36b8a4eea4ce8a0bc035079e1d259d29f5eb7bf"/>.</p>
- <p>The issue was made public on 13 August 2025.</p>
+ <p>This issue was reported to the ASF security team on 29 May 2025. The
+ issue was made public on 13 August 2025.</p>
<p>Affects: 9.0.0.M1 to 9.0.107</p>
@@ -150,7 +154,8 @@
<p>This was fixed with commit
<hashlink hash="8a83c3c42d20762782678932c14005cd3397a018"/>.</p>
- <p>The issue was made public on 10 July 2025.</p>
+ <p>This issue was reported to the Tomcat security team on 6 June 2025. The
+ issue was made public on 10 July 2025.</p>
<p>Affects: 9.0.0.M1 to 9.0.106</p>
@@ -163,7 +168,8 @@
<p>This was fixed with commit
<hashlink hash="927d66fbc294cb65242102b817a45fd80834e040"/>.</p>
- <p>The issue was made public on 10 July 2025.</p>
+ <p>This issue was reported to the Tomcat security team on 7 June 2025. The
+ issue was made public on 10 July 2025.</p>
<p>Affects: 9.0.0.M1 to 9.0.106</p>
@@ -177,7 +183,8 @@
<p>This was fixed with commit
<hashlink hash="434772930f362145516dd60681134e7f0cf8115b"/>.</p>
- <p>The issue was made public on 10 July 2025.</p>
+ <p>This issue was reported to the Tomcat security team on 28 June 2025. The
+ issue was made public on 10 July 2025.</p>
<p>Affects: 9.0.0.M1 to 9.0.106</p>
@@ -196,7 +203,8 @@
<p>This was fixed with commit
<hashlink hash="9c3673ba04009377cb0c81ccb6cf5078aec1aa95"/>.</p>
- <p>The issue was made public on 13 August 2025.</p>
+ <p>This issue was reported to the Tomcat security team on 30 May 2025. The
+ issue was made public on 13 August 2025.</p>
<p>Affects: 9.0.0.M1 to 9.0.105</p>
@@ -213,7 +221,8 @@
<p>This was fixed with commit
<hashlink hash="9418e3ff9f1f4c006b4661311ae9376c52d162b9"/>.</p>
- <p>The issue was made public on 16 June 2025.</p>
+ <p>This issue was reported to the Tomcat security team on 30 May 2025. The
+ issue was made public on 16 June 2025.</p>
<p>Affects: 9.0.0.M1 to 9.0.105</p>
@@ -227,7 +236,8 @@
<p>This was fixed with commit
<hashlink hash="28726cc2e63bed68771f5eb0f65a78dc7080571823"/>.</p>
- <p>The issue was made public on 16 June 2025.</p>
+ <p>This issue was reported to the Tomcat security team on 30 May 2025. The
+ issue was made public on 16 June 2025.</p>
<p>Affects: 9.0.23 to 9.0.105</p>
@@ -245,7 +255,8 @@
<p>This was fixed with commit
<hashlink hash="ee8042ffce4cb9324dfd79efda5984f37bbb6910"/>.</p>
- <p>The issue was made public on 16 June 2025.</p>
+ <p>This issue was reported to the ASF security team on 16 May 2025. The
+ issue was made public on 16 June 2025.</p>
<p>Affects: 9.0.0.M1 to 9.0.105</p>
@@ -262,7 +273,8 @@
<p>This was fixed with commit
<hashlink hash="97790a35a27d236fa053e660676c3f8196284d93"/>.</p>
- <p>The issue was made public on 16 June 2025.</p>
+ <p>This issue was reported to the ASF security team on 16 May 2025. The
+ issue was made public on 16 June 2025.</p>
<p>Affects: 9.0.0.M1 to 9.0.105</p>
@@ -282,7 +294,8 @@
<hashlink hash="8df00018a252baa9497615d6420fb6c10466fa74"/> and
<hashlink hash="8cb95ff03221067c511b3fa66d4f745bc4b0a605"/>.</p>
- <p>The issue was made public on 29 May 2025.</p>
+ <p>This issue was reported to the Tomcat security team on 7 April 2025. The
+ issue was made public on 29 May 2025.</p>
<p>Affects: 9.0.0.M1 to 9.0.104</p>
@@ -307,7 +320,8 @@
<hashlink hash="ee3ab548e92345eca0cbd1f01649eb36c6f29454"/> and
<hashlink hash="175dc75fc428930034a6c93fb52f830d955d8e64"/>.</p>
- <p>The issue was made public on 28 April 2025.</p>
+ <p>This issue was reported to the Tomcat security team on 28 February 2025.
+ The issue was made public on 28 April 2025.</p>
<p>Affects: 9.0.0.M1 to 9.0.102</p>
@@ -324,7 +338,8 @@
<hashlink hash="b98e74f517b36929f4208506e5adad22cb767baa"/> and
<hashlink hash="b7674782679e1514a0d154166b1d04d38aaac4a9"/>.</p>
- <p>The issue was made public on 28 April 2025.</p>
+ <p>This issue was not disclosed responsibly. It was reported via the public
+ bug tracker on 13 March 2025. The CVE was published on 28 April
2025.</p>
<p>Affects: 9.0.76 to 9.0.102</p>
@@ -368,7 +383,8 @@
<p>This was fixed with commit
<hashlink hash="eb61aade8f8daccaecabf07d428b877975622f72"/>.</p>
- <p>The issue was made public on 10 March 2025.</p>
+ <p>This issue was reported to the Tomcat security team on 13 January 2025.
+ The issue was made public on 10 March 2025.</p>
<p>Affects: 9.0.0.M1 to 9.0.98</p>
@@ -395,7 +411,8 @@
system property and the problematic cache have been removed)</li>
</ul></p>
- <p>The issue was made public on 20 December 2024.</p>
+ <p>This issue was reported to the Tomcat security team on 17 December 2024.
+ The issue was made public on 20 December 2024.</p>
<p>Affects: 9.0.0.M1 to 9.0.97</p>
@@ -417,7 +434,8 @@
<hashlink hash="84c4af76e7a10fc7f8630ce62e6a46632ea4a90e"/> and
<hashlink hash="9ffd23fc27f5d1fc95bf97e5cea175c8968f4533"/>.</p>
- <p>The issue was made public on 17 December 2024.</p>
+ <p>This issue was reported to the Tomcat security team on 23 November 2024.
+ The issue was made public on 17 December 2024.</p>
<p>Affects: 9.0.0.M1 to 9.0.97</p>
@@ -435,7 +453,8 @@
<hashlink hash="43b507ebac9d268b1ea3d908e296cc6e46795c00"/> and
<hashlink hash="631500b0c9b2a2a2abb707e3de2e10a5936e5d41"/>.</p>
- <p>The issue was made public on 17 December 2024.</p>
+ <p>This issue was reported to the Tomcat security team on 18 October 2024.
+ The issue was made public on 17 December 2024.</p>
<p>Affects: 9.0.0.M1 to 9.0.97</p>
@@ -453,7 +472,9 @@
<p>This was fixed with commit
<hashlink hash="9813c5dd3259183f659bbb83312a5cf673cc1ebf"/>.</p>
- <p>The issue was made public on 18 November 2024.</p>
+ <p>This issue was not disclosed responsibly. It was reported via the public
+ bug tracker on 6 November 2024. The CVE was published on 18 November
+ 2024.</p>
<p>Affects: 9.0.96</p>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
